23% of infosec professionals say that cybersecurity incidents experienced by their organization have increased since transitioning to remote work. At the same time, almost half say they have been taken off some or all of their typical security duties to assist with other IT-related tasks.
New research indicates that as Coronavirus-related threats continue to rise, IT departments are exceedingly strained to cope with remote-work policies and duties – especially those in charge with protecting the organization against cyber attacks.
81% of respondents in the (ISC)2 COVID-19 Cybersecurity Pulse Survey said they were all responsible for securing their organizations' digital assets. The same professionals indicated that their job function has changed during the pandemic, with 90% of them indicating that they themselves are now working remotely full-time.
Surveyors cautioned that the study, conducted in April on a base of 256 global cybersecurity professionals, "should not be viewed as statistically representative of the entire cybersecurity workforce." Nevertheless, the results paint a clear picture of the recent adjustments organizations have made to maintain their business operations and the impact on cybersecurity professionals.
For example, 96% of respondents' organizations have closed their physical work environments and moved to remote work-from-home policies for employees. Nearly half said this was the case for all employees and more than half indicated that at least some employees are working remotely.
23% said cybersecurity incidents experienced by their organization have increased since transitioning to remote work. Some said they were tracking as many as double the number of incidents. And while 81% of respondents said their organizations view security as “an essential function” at this time, 47% of respondents said they have been taken off some or all of their typical security duties to assist with other IT-related tasks, such as equipping a mobile workforce.
As a result, 15% of respondents indicated their information security teams do not have the necessary resources to support a remote workforce. 41% said their organizations are utilizing best practices to secure their remote workforce. Another 50% agreed, but admitted they could be doing more.
An unnamed respondent in the survey summed up the situation, saying: "COVID-19 hit us with all the necessary ingredients to fuel cybercrime: 100% work from home [WFH] before most organizations were really ready, chaos caused by technical issues plaguing workers not used to WFH, panic and desire to 'know more' and temptation to visit unverified websites in search of up-to-the-minute information, remote workforce technology supported by vendors driven by 'new feature time to market' and NOT security, employees taking over responsibilities for COVID-19 affected coworkers (unfamiliarity with process), and uncertainty regarding unexpected communication supposedly coming from their employers."